This is what I did. I obtained a certificate from this site:

https://www.sslforfree.com

They provided 3 files:
  certificate.crt
  private.key

which make perfect sense as replacement for the 2 files provided by the distribution. I am guessing that I need somehow to append the 3rd file (ca_bundle.crt) to the first one? In order to raise its credibility?

TIA


On 11/10/2020 2:20 PM, Aki Tuomi wrote:

      
On 10/11/2020 19:17 Raymond Herrera <raymond@forcewise.com> wrote:


This is a followup to my thread "Recommended Protocols?".
The error message is as follows:
 dovecot: imap-login: Disconnected: TLS: SSL_read() failed: SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42 

I have selected both SSL/TLS and STARTTLS on the Thunderbird side, with identical results.

The first question that I have is this. Is there any way to know whether that error messages comes from an attempt to read:
 
 (a) The server SSL certificate?
 (b) The client SSL certificate?
Please find attached 2 log files. I am essentially using the distribution files as they come from the box.

TIA


While bit confusing, this actually means the client did not trust the server certificate. Usually because you forgot the chain certs from the cert file.

Aki